Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/1pwmD_7L0oYezO7-aGze3kUZz0U.roa
File: 1pwmD_7L0oYezO7-aGze3kUZz0U.roa (raw, json)
Hash identifier: 8kn7ah1JpWrTYqhJAQo+tk9h0fV6VXspRTUMWcMVbdw=
Subject key identifier: D6:9C:26:0F:FE:CB:D2:86:1E:CC:EE:FE:68:6C:DE:DE:45:19:CF:45
Certificate issuer: /CN=8e16bde64a9a9bba3ffa1438a197ac3f94989faf
Certificate serial: 01863ADB7BDBDA2964E79A17B09D9F0AF0DE
Authority key identifier: 8E:16:BD:E6:4A:9A:9B:BA:3F:FA:14:38:A1:97:AC:3F:94:98:9F:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jha95kqam7o_-hQ4oZesP5SYn68.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/1pwmD_7L0oYezO7-aGze3kUZz0U.roa
Signing time: Fri 10 Feb 2023 10:25:08 +0000
ROA not before: Fri 10 Feb 2023 10:25:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41435
IP address blocks: 2a0d:9885::/32 maxlen: 32
2a0d:9887::/32 maxlen: 32
2a0d:9881::/32 maxlen: 32
2a0d:9886::/32 maxlen: 32
2a0d:9884::/32 maxlen: 32
2a0d:9882::/32 maxlen: 32
2a0d:9880::/32 maxlen: 32
2a0d:9883::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:3a:db:7b:db:da:29:64:e7:9a:17:b0:9d:9f:0a:f0:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8e16bde64a9a9bba3ffa1438a197ac3f94989faf
Validity
Not Before: Feb 10 10:25:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d69c260ffecbd2861ecceefe686cdede4519cf45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:a6:19:e9:5d:6b:7e:33:77:5b:64:3d:6c:f2:
a8:87:71:a7:5a:ed:47:03:80:aa:09:4d:36:04:6e:
89:10:77:c1:18:6d:bf:a0:ea:6b:68:8a:98:5f:76:
df:0d:68:d7:a3:5f:7c:46:aa:a6:47:48:f9:59:6e:
43:f6:bf:83:8a:96:9d:ad:c8:28:d8:6f:d4:3f:7f:
43:06:74:22:79:73:bf:1f:2f:89:74:c2:37:ef:01:
c6:a3:81:ad:6c:b6:b1:ed:e9:26:88:3e:09:a1:76:
b9:52:a2:aa:ef:01:b3:ee:8a:fd:6f:de:69:f5:60:
7c:a9:63:a4:f3:48:43:28:7e:bd:04:6f:32:80:e4:
fa:b9:88:b5:9f:5c:b8:4e:51:0b:54:25:92:ff:7b:
74:97:1f:c4:be:65:e1:74:37:ee:58:8b:37:68:37:
53:95:be:46:bb:36:26:26:b2:cd:93:83:f9:b5:42:
d0:f1:c7:cf:43:0c:3b:4d:2a:8d:8a:35:6e:52:71:
17:da:21:19:ae:72:c7:af:21:6c:0a:13:fc:20:4e:
bc:3d:8f:02:06:67:6d:15:70:88:93:8c:66:27:b2:
b1:2a:88:a9:29:c4:4a:c6:c3:1c:b3:a0:cb:68:ca:
4a:b6:f1:29:51:fe:e0:64:c2:ae:39:11:af:3f:77:
4c:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:9C:26:0F:FE:CB:D2:86:1E:CC:EE:FE:68:6C:DE:DE:45:19:CF:45
X509v3 Authority Key Identifier:
keyid:8E:16:BD:E6:4A:9A:9B:BA:3F:FA:14:38:A1:97:AC:3F:94:98:9F:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jha95kqam7o_-hQ4oZesP5SYn68.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/1pwmD_7L0oYezO7-aGze3kUZz0U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/39ab2e-feeb-4a0e-8740-45296c32f0a3/1/jha95kqam7o_-hQ4oZesP5SYn68.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:9880::/29
Signature Algorithm: sha256WithRSAEncryption
49:33:da:d2:ee:ed:07:04:0b:81:f8:e0:46:c8:73:83:c4:18:
b1:06:38:43:53:ef:c8:03:4b:79:f0:b0:0d:29:ab:23:8d:5d:
87:53:fc:de:2f:7b:eb:97:34:07:a3:65:7d:a0:fb:0d:c8:8f:
f8:58:f0:64:23:fb:8e:8c:b6:68:78:72:2f:56:87:52:b7:2b:
42:d8:62:9d:14:0f:87:ca:94:f3:22:e3:63:25:42:b2:05:94:
20:09:f5:85:93:b5:40:6c:a2:e0:39:b0:c4:0d:d3:2d:b8:6e:
aa:bd:2b:ae:16:cb:5a:97:90:59:33:4b:9b:20:cc:e8:79:67:
a0:70:1d:ec:4a:37:33:e3:c4:20:b8:30:68:ed:5b:5d:dc:0e:
54:38:44:37:88:55:3e:70:a3:30:c4:d4:10:ea:44:42:17:37:
75:51:e3:08:5b:8b:2b:b5:ed:ea:1d:cc:28:45:55:33:d7:b7:
99:87:40:cc:e6:ef:83:9b:3c:d7:8a:29:c4:47:36:28:d5:67:
cd:2f:e7:21:96:6e:f4:42:f5:f8:f5:2d:9c:fb:67:07:02:45:
19:d6:f7:28:d1:19:13:7b:d2:bd:e9:91:02:ab:bf:be:28:70:
10:16:85:65:9f:4a:14:ae:cc:b6:54:a5:e2:41:dc:04:db:bf:
08:a6:1e:aa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYY623vb2ilk55oXsJ2fCvDeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMTZiZGU2NGE5YTliYmEzZmZhMTQzOGExOTdhYzNmOTQ5
ODlmYWYwHhcNMjMwMjEwMTAyNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjljMjYwZmZlY2JkMjg2MWVjY2VlZmU2ODZjZGVkZTQ1MTljZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKYZ6V1rfjN3W2Q9bPKoh3GnWu1H
A4CqCU02BG6JEHfBGG2/oOpraIqYX3bfDWjXo198RqqmR0j5WW5D9r+Dipadrcgo
2G/UP39DBnQieXO/Hy+JdMI37wHGo4GtbLax7ekmiD4JoXa5UqKq7wGz7or9b95p
9WB8qWOk80hDKH69BG8ygOT6uYi1n1y4TlELVCWS/3t0lx/EvmXhdDfuWIs3aDdT
lb5GuzYmJrLNk4P5tULQ8cfPQww7TSqNijVuUnEX2iEZrnLHryFsChP8IE68PY8C
BmdtFXCIk4xmJ7KxKoipKcRKxsMcs6DLaMpKtvEpUf7gZMKuORGvP3dM6QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNacJg/+y9KGHszu/mhs3t5FGc9FMB8GA1UdIwQY
MBaAFI4WveZKmpu6P/oUOKGXrD+UmJ+vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamhhOTVrcWFtN29fLWhRNG9aZXNQNVNZbjY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS8zOWFiMmUtZmVlYi00YTBlLTg3NDAt
NDUyOTZjMzJmMGEzLzEvMXB3bURfN0wwb1llek83LWFHemUza1VaejBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS8zOWFiMmUtZmVlYi00YTBlLTg3NDAtNDUyOTZjMzJmMGEz
LzEvamhhOTVrcWFtN29fLWhRNG9aZXNQNVNZbjY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg2YgDAN
BgkqhkiG9w0BAQsFAAOCAQEASTPa0u7tBwQLgfjgRshzg8QYsQY4Q1PvyANLefCw
DSmrI41dh1P83i9765c0B6NlfaD7DciP+FjwZCP7joy2aHhyL1aHUrcrQthinRQP
h8qU8yLjYyVCsgWUIAn1hZO1QGyi4DmwxA3TLbhuqr0rrhbLWpeQWTNLmyDM6Hln
oHAd7Eo3M+PEILgwaO1bXdwOVDhEN4hVPnCjMMTUEOpEQhc3dVHjCFuLK7Xt6h3M
KEVVM9e3mYdAzObvg5s814opxEc2KNVnzS/nIZZu9EL1+PUtnPtnBwJFGdb3KNEZ
E3vSvemRAqu/vihwEBaFZZ9KFK7MtlSl4kHcBNu/CKYeqg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:29 2024 by rpki-client on console-fra.rpki-client.org